Add a GUI for managing TLS\SSL certificates

Description

Spark needs a GUI dialog, which it could present when a user tries to log in to a server with an invalid certificate. It should present why the certificate is invalid (maybe it can be pulled from the Smack error, but there should be a conversion of this error to human-readable text): self-signed, expired, not trusted authority, mismatching hostname. There should be a button to Proceed anyway and a Cancel button (which will not let Spark connect). There should also be a checkbox to add this certificate to the exceptions list (when pressing the Proceed button), so it won't ask again on the next login. There could also be a GUI to manage exceptions or just a button somewhere to wipe the list, but that could be added later.

When this GUI is implemented, we should disable by default the Accept all certificates and Disable hostname verifications options. These options can stay for those who are using Spark in a closed environment and think they are safe from certificate spoofing attacks, so they won't bother their users with additional dialogs.

If the certificate is perfectly fine on a first check, Spark shouldn't show any dialog for it. But it shouldn't add such a certificate to the exception list. It should validate valid certificates every time it logs in. And when a valid certificate becomes invalid (say, expires), then it should show a dialog for it.

Environment

None
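One way to get the behaviour the description asks for (validate on every login, let through only a certificate the user explicitly accepted, and report a readable reason otherwise), as an added example that is not Spark's or Smack's own code. The class name `ExceptionListTrustManager` and the fingerprint-based exception set are assumptions; only JDK `javax.net.ssl` APIs are used.

```java
import java.security.*;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

// Hypothetical sketch: normal validation first, then a per-certificate exception list.
public class ExceptionListTrustManager implements X509TrustManager {
    private final X509TrustManager defaults;   // backed by the JDK default trust store
    private final Set<String> exceptions;      // SHA-256 fingerprints the user accepted
    public ExceptionListTrustManager(Set<String> exceptions) throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);             // null selects the default trust store
        this.defaults = Arrays.stream(tmf.getTrustManagers())
            .filter(X509TrustManager.class::isInstance).map(X509TrustManager.class::cast)
            .findFirst().orElseThrow(IllegalStateException::new);
        this.exceptions = exceptions;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            defaults.checkServerTrusted(chain, authType);  // runs on every login, nothing is cached
        } catch (CertificateException e) {
            // Only the exact certificate the user accepted is let through.
            if (!exceptions.contains(fingerprint(chain[0])))
                throw new CertificateException(reason(chain[0]), e);
        }
    }

    // Readable cause for the dialog. Hostname mismatch is checked outside X509TrustManager.
    static String reason(X509Certificate cert) {
        try { cert.checkValidity(); }
        catch (CertificateExpiredException e) { return "Expired on " + cert.getNotAfter(); }
        catch (CertificateNotYetValidException e) { return "Not valid before " + cert.getNotBefore(); }
        if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal()))
            return "Self-signed (subject equals issuer)";
        return "Not issued by a trusted authority";
    }

    static String fingerprint(X509Certificate cert) throws CertificateException {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            return String.format("%064x", new java.math.BigInteger(1, d));
        } catch (NoSuchAlgorithmException e) { throw new CertificateException(e); }
    }
    @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { defaults.checkClientTrusted(c, a); }
    @Override public X509Certificate[] getAcceptedIssuers() { return defaults.getAcceptedIssuers(); }
}
```

Because the exception is keyed on the certificate's fingerprint, a renewed or substituted certificate for the same host fails validation again and would bring the dialog back.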

Activity

wroot 
December 2, 2017 at 7:21 PM

Marking this master ticket as Fixed, as all the sub tickets are done and it is working for the most part. Some polishing is needed, but it will be tracked in

wroot 
November 20, 2017 at 9:21 PM

Yeah, that's kind of a master ticket of the whole certificates management.

Paweł Ścibiorski 
November 20, 2017 at 9:07 PM

This one is kind of covered by all of the issues from the GSoC 2017 project.

wroot 
August 27, 2016 at 6:07 AM

There is also a good point in the thread, that a user might want to check what certificate is in use (even if valid). So there could be a GUI for that (maybe pressing on the little lock icon at the bottom of the roster window? Or adding a menu entry somewhere, say File > Certificates).

wroot 
August 27, 2016 at 6:03 AM

Not sure how this can be implemented (the checking and allowing stuff). Wonder if Smack can let through a connection for a particular certificate. Or will you have to accept all certificates and disable verification for all just for one session when a user presses Proceed or adds an exception? Not an ideal option, but could work.

Fixed

Details

Created January 9, 2011 at 8:50 AM
Updated October 28, 2020 at 1:44 PM
Resolved December 2, 2017 at 7:21 PM